Potential Impact

SVF and SPA Products:Following products and versions may be affected by CVE-2018-2783 and CVE-2018-2794.

Product Name

Version

Server

Client

SVFX-Designer

8.2 to 9.2

n/a

v

SVF Web Designer

9.2

v

n/a

SVF Java Products

8.2 to 9.2

v

n/a

Report Director Enterprise

8.2 to 9.2

v

n/a

Universal Connect/X

8.2 to 9.2

v

n/a

SVF Connect for Java API

8.1 to 9.2

v

v

SPA

9.2 to 9.3

v

n/a

SVF PDF Loader

9.2

v

n/a

Dr. Sum Products:

Dr. Sum, Dr. Sum EA, Datalizer and TextOLAP are not affected when severity rating is 7.0 (high) or higher in CVSS v2.0 Rating. Dr. Sum EA Connect and Dr. Sum Connect are still under investigation.

MotionBoard Products:

MotionBoard products are not affected when severity rating is 7.0 (high) or higher in CVSS v2.0 Rating.

Solution

Oracle has no longer provided any patch update for Java6 and Java7 in public. We recommend you apply the latest Service Pack for SVF products which support Java 8 (Java 8 Update 163) or higher. Please contact us for more details.